PfSense behind Uverse (with wireless) as a second subnet for only Internet

acro-ii

Ok, let me try to explain what I am attempting to do without success.
My church has ATT Uverse with built in wireless.  They are using both wired & wireless.  The connection is getting an IP from ATT via DHCP.
I want to set up a pfsense box that I can connect an additional switch to so that there will be a separate network for ONLY internet connectivity, but NOT allow connectivity to the corporate network.  The pfsense box will use the local ip of the uverse box as it's gateway. (192.168.1.254).  I don't care what IP scheme the second network is using.  I just need to be able to share the connection, and exclude the connection to anything else.

Here is an simple diagram of the problem.  ANY help would be greatly appreciated!

Internet –--------------ATT MODEM/WIRELESS
                                    |                         
                                    |                          pfsense
                                    |                           
                                    |                    "Guest" Network
                                Corporate.            Internet ONLY

jahonix

And what exactly isn't working?

Derelict

I'd put the modem in bridge mode, let pfSense get a public IP address, and put another wireless device and the corporate network behind another pfSense interface.  Anything else is a kludge.

jahonix

There are many possible setups. Some known to work well, others might not.
As long as we're not told which problems there are it's guessing in the dark.

acro-ii

I cannot put modem in bridge mode as they are using the built in wireless.
I cannot prevent traffic from going to all ip address on the 192.168.1.0 subnet. If I block all except 192.168.1.254 (the uverse modem - gateway) I get no internet connectivity, but can still access 192.168.1.3, 192.168.1.10, etc.( all addresses). No matter what I try with block and pass rules, I can kill Internet, yet connectivity to the corporate subnet still works, which is what we don't want.

It's like once I allow any connection to the uverse modem, all ip addresses on that subnet are accessible, regardless of rules in pfsense.

Derelict

Which is why I said get another access point. They're like $19.  Cart, Horse.  All your talk about what networks are accessible in what situation are pretty useless without knowing what subnets are where.  See the diagram in my sig for the type of information needed to give you prompt, accurate help.

jahonix

@acro-ii:

I cannot put modem in bridge mode as they are using the built in wireless.

I don't know this specific device but those we-have-wifi-too boxes usually come with the crappiest WLAN hardware (aka cheapest possible) you can imagine.

As Derelict suggested, get a decent, separate WLAN AccessPoint and start over.
And you can place that AP where it makes sense (coverage wise) and not where your uverse box needs to be.

acro-ii

I got it working.
Thanks anyway.